The trust platform for the agentic web
Google Cloud Fraud Defense
As the evolution of reCAPTCHA, Google Cloud Fraud Defense provides the definitive layer of digital trust for the agentic web, securing the entire customer journey from account creation to payment with Google-scale intelligence.
Request a demo to protect your website from fraud and abuse.
Funzionalità
Advanced bot and agent detection
Fraud Defense leverages a sophisticated and adaptable risk analysis engine to shield against automated software. It is specifically designed to orchestrate trust for the agentic web, neutralizing malicious scrapers while welcoming legitimate AI agents.
Detect automated and targeted ATO attacks
Safeguard applications against automated and targeted Account Takeover (ATO) attacks. Our new dedicated ATO score is 400% more effective at detecting takeover attempts than standard bot scores. Google Cloud Fraud Defense provides risk scores and forensic explainability reasons, allowing you to automate granular security policies with evidence that shuts down attacks bypassing traditional detection.
Global visibility at Google-scale
Benefit from a global perspective that aggregates signals from millions of protected sites and billions of daily interactions. By correlating anonymized telemetry across the Google ecosystem, Fraud Defense provides a layer of shared intelligence that helps identify high-risk patterns before they manifest in your specific environment. This broad-spectrum visibility allows our models to surface subtle indicators of coordinated attacks, providing your security team with the context needed to harden defenses against emerging fraud tactics.
Adaptive risk-analysis engine
Fine-tune a vast array of signals—including user behavior, device integrity, and interaction history—to meet your organization's specific risk appetite. This adaptive engine assesses intent with high precision to ensure that security never stands in the way of your legitimate business growth. By continuously learning from your site's unique traffic, the engine becomes more accurate over time, reducing false positives and improving conversion.
Unified protection for every surface
Protect your organization across every possible interaction surface, from legacy browsers and mobile apps to IoT devices and the emerging agentic frontier. Fraud Defense provides a unified view of risk across any digital endpoint, including Agent-to-Agent (A2A) and Model Context Protocol (MCP) layers, even in environments that cannot run standard JavaScript. By securing the underlying infrastructure of both human and autonomous commerce, you can safely enable complex transactions across your entire digital ecosystem.
Full customer journey coverage
Integrate protection across every critical stage of the user lifecycle—including registration, login, cart, and payment. By correlating telemetry across these milestones, Fraud Defense eliminates the defensive blind spots created by disconnected point solutions. This holistic view allows you to identify suspicious patterns that might look legitimate in isolation but reveal fraudulent intent when viewed as a complete journey.
Password leak detection
Securely compare user credentials against Google’s comprehensive database of billions of leaked records from third-party breaches. If a match is found during a login attempt, allowing you to automatically warn the user or require a password change to prevent successful credential-stuffing attacks. This proactive defense mitigates the risk of account takeovers even when a user's password has been compromised elsewhere on the web.
Comprehensive transaction defense
Identify and block fraudulent transactions, card testing, and chargebacks by merging Google-scale fraud intelligence with our expertise in payment risk and modeling. Choose between a front-end JavaScript integration or our new API-only mode, which uses direct server-to-server calls to protect your checkout flow at the moment of purchase with zero added user friction.
SMS toll fraud protection
Safeguard your mobile authentication and sign-up flows from high-velocity "SMS pumping" attacks. Utilizing unique Google-scale fraud intelligence, Fraud Defense identifies suspicious phone numbers and prevents automated bots from triggering costly fraudulent messages, protecting your financial security without impacting legitimate users.
Policy-based challenges
Bridge the gap between passive risk scoring and active verification with deterministic Policy-based challenges. By defining action-specific score thresholds, security teams can automatically trigger challenges only when an interaction falls below a chosen trustworthiness level. This approach reduces false positives by giving borderline users a way to prove their humanity while forcing sophisticated bots to encounter AI-resistant hurdles, ensuring growth remains unhindered by automated abuse.
AI/ML-powered threat detection
Uncover the most sophisticated threats using a powerful combination of unsupervised clustering and deep neural networks. Our models are capable of identifying active attacks in real-time and uncovering hidden connections between seemingly disparate adversaries and their coordinated operations. This intelligence allows your team to move beyond reactive blocking and begin dismantling the infrastructure of professional fraud rings.
Malicious account identification
Detect groups of accounts exhibiting suspicious or related behavior that suggests a coordinated attack or synthetic identity network. Fraud Defense provides the visibility needed to take proactive measures, such as disabling related accounts or restricting specific actions, before a fraud ring can scale its operations. This capability is essential for preventing mass sign-ups and protecting your promotional budgets from automated abuse.
Forensic attack investigation
Transition from individual log analysis to high-level campaign visualization. Our new Attack Investigation view aggregates millions of data points into correlated "Attacks," allowing analysts to visualize the footprint of professional fraud rings across the entire journey. Deep-dive into specific incidents with forensic tools designed to help you deconstruct and shut down coordinated campaigns with precision.
Intelligent security recommendations
Receive tailored, data-driven recommendations within the console based on your unique traffic patterns and security posture. Our system identifies potential gaps in your current implementation and suggests specific configurations or policy updates to maximize your detection accuracy. These proactive insights ensure that your defense remains optimized as both your business and the threat landscape continue to evolve.
Real-time anomaly detection
Identify sudden traffic spikes and unusual behavior patterns as they happen with automated anomaly detection. These real-time alerts help your security teams respond instantly to zero-day attacks or novel fraud tactics emerging on the agentic web. By establishing a baseline of normal behavior for your specific site, we can highlight deviations that indicate a new or sophisticated attack is underway.
Privacy-preserving data processing
Secure your sensitive data with advanced client-side storage and anonymization techniques that prioritize user privacy. Effective April 2, 2026, our transition to a Data Processor model gives your organization direct control over user data and simplifies compliance with global regulations. This privacy-by-design approach ensures that your security measures never compromise the trust of your customers.
Comprehensive WAAP protection
Combine Fraud Defense with Cloud Armor and Apigee to create a multi-layered Web App and API Protection (WAAP) architecture. This comprehensive solution secures your perimeter against DDoS attacks, protects your critical APIs from exploitation, and shields your user accounts from automated fraud. Managed through a single pane of glass, this unified defense simplifies security operations while providing superior protection for complex, cloud-native environments.
Web Application Firewall (WAF) integration
Integrate natively with your existing WAF provider, including Google Cloud Armor, Fastly, and Cloudflare, to create a robust defensive perimeter. This connection allows you to detect and block abusive traffic at the network edge before it ever reaches your application’s infrastructure. By offloading the challenge of bot mitigation to the edge, you save on compute costs and improve the performance of your web applications for legitimate traffic.
Come funziona
Google Cloud Fraud Defense works by:
- Observing telemetry across every human and agentic surface such as web, mobile, and MCP/A2A
- Correlating signals from initial registration and login to cart additions and final payment
- Instantly verifying signals to distinguish human customers and helpful AI assistants from attackers
- Providing risk scores and reason codes to empower you to automate security policies that neutralize fraud while accelerating trusted commerce at scale
Google Cloud Fraud Defense works by:
- Observing telemetry across every human and agentic surface such as web, mobile, and MCP/A2A
- Correlating signals from initial registration and login to cart additions and final payment
- Instantly verifying signals to distinguish human customers and helpful AI assistants from attackers
- Providing risk scores and reason codes to empower you to automate security policies that neutralize fraud while accelerating trusted commerce at scale
Bot protection
Defend against automated cyber attacks
Google Cloud Fraud Defense, the evolution of reCAPTCHA, provides robust protection against automated cyber attacks such as scrapers, scalpers, and sophisticated bots. By analyzing global telemetry across billions of interactions, our models distinguish between malicious automation and legitimate users in real-time. This ensures that your valuable inventory and computing resources are reserved for high-value customers rather than rogue actors. Our adaptive risk-analysis engine evolves alongside the threat landscape, allowing you to stay ahead of zero-day bot campaigns.
Risorse per l'apprendimento
Defend against automated cyber attacks
Google Cloud Fraud Defense, the evolution of reCAPTCHA, provides robust protection against automated cyber attacks such as scrapers, scalpers, and sophisticated bots. By analyzing global telemetry across billions of interactions, our models distinguish between malicious automation and legitimate users in real-time. This ensures that your valuable inventory and computing resources are reserved for high-value customers rather than rogue actors. Our adaptive risk-analysis engine evolves alongside the threat landscape, allowing you to stay ahead of zero-day bot campaigns.
Account protection
Mitigate account takeovers and credential stuffing
Safeguard your user ecosystem by identifying and mitigating both automated and targeted Account Takeover (ATO) attacks. By correlating signals across the entire login journey, Fraud Defense identifies credential stuffing and brute-force attempts that bypass traditional point solutions. We provide security teams with precise risk scores and human-readable reason codes, delivering the forensic evidence needed to automate surgical responses—such as triggering MFA only for high-risk events. This minimizes friction for legitimate users while ensuring that account integrity is maintained.
Risorse per l'apprendimento
Mitigate account takeovers and credential stuffing
Safeguard your user ecosystem by identifying and mitigating both automated and targeted Account Takeover (ATO) attacks. By correlating signals across the entire login journey, Fraud Defense identifies credential stuffing and brute-force attempts that bypass traditional point solutions. We provide security teams with precise risk scores and human-readable reason codes, delivering the forensic evidence needed to automate surgical responses—such as triggering MFA only for high-risk events. This minimizes friction for legitimate users while ensuring that account integrity is maintained.
Fake account protection
Stop automated fake account creation and synthetic identities
Prevent the creation of automated fake accounts and synthetic identities that pollute your user base and drain promotional budgets. By leveraging Google’s unparalleled visibility into trillions of digital interactions, we detect groups of accounts exhibiting suspicious related behavior at the moment of registration. This helps identify coordinated fraud rings attempting mass sign-ups for promo abuse or platform manipulation. With Fraud Defense, you can verify the intent of sign-ups in milliseconds, enabling you to foster a high-trust community and protect marketing investments.
Risorse per l'apprendimento
Stop automated fake account creation and synthetic identities
Prevent the creation of automated fake accounts and synthetic identities that pollute your user base and drain promotional budgets. By leveraging Google’s unparalleled visibility into trillions of digital interactions, we detect groups of accounts exhibiting suspicious related behavior at the moment of registration. This helps identify coordinated fraud rings attempting mass sign-ups for promo abuse or platform manipulation. With Fraud Defense, you can verify the intent of sign-ups in milliseconds, enabling you to foster a high-trust community and protect marketing investments.
SMS toll fraud protection
Prevent financial loss from SMS pumping and toll fraud attacks
Protect your financial bottom line from high-velocity "SMS pumping" and toll fraud. Fraud Defense uses unique Google-scale intelligence to analyze phone numbers and sign-up behavior, identifying malicious bots before they can trigger costly automated authentication messages. By neutralizing sign-up abuse at the source, you proactively prevent significant financial losses and infrastructure costs associated with fraudulent mobile authentication flows. This ensures your mobile-first registration experiences remain secure and cost-effective as you scale globally.
Risorse per l'apprendimento
Prevent financial loss from SMS pumping and toll fraud attacks
Protect your financial bottom line from high-velocity "SMS pumping" and toll fraud. Fraud Defense uses unique Google-scale intelligence to analyze phone numbers and sign-up behavior, identifying malicious bots before they can trigger costly automated authentication messages. By neutralizing sign-up abuse at the source, you proactively prevent significant financial losses and infrastructure costs associated with fraudulent mobile authentication flows. This ensures your mobile-first registration experiences remain secure and cost-effective as you scale globally.
Transaction protection
Secure payment workflows and identify fraudulent transactions
Secure your payment workflows and reduce chargebacks by identifying fraudulent transactions and card testing at the moment of purchase. By merging Google-scale intelligence with our deep expertise in payment risk and modeling, Fraud Defense protects your checkout flow without compromising the user experience. You can choose between a front-end JavaScript integration or our specialized API-only mode, which utilizes direct server-to-server calls for zero-friction protection. This identifies fraudulent intent and promo abuse in real-time, allowing you to safely accept more legitimate orders.
Risorse per l'apprendimento
Secure payment workflows and identify fraudulent transactions
Secure your payment workflows and reduce chargebacks by identifying fraudulent transactions and card testing at the moment of purchase. By merging Google-scale intelligence with our deep expertise in payment risk and modeling, Fraud Defense protects your checkout flow without compromising the user experience. You can choose between a front-end JavaScript integration or our specialized API-only mode, which utilizes direct server-to-server calls for zero-friction protection. This identifies fraudulent intent and promo abuse in real-time, allowing you to safely accept more legitimate orders.
Agentic web protection
Enable safe autonomous commerce for the next generation
Lead the transition to the next generation of digital business by enabling a safe agentic web. Fraud Defense provides visibility into the emerging communication layers of autonomous commerce, including Model Context Protocol (MCP) and Agent-to-Agent (A2A) interactions. Our trust-based framework allows you to distinguish between good agents acting on behalf of customers and malicious bots attempting to hijack machine-to-machine transactions. By verifying the intent of autonomous agents, you can safely welcome helpful shopping assistants while surgically blocking rogue actors.
Risorse per l'apprendimento
Enable safe autonomous commerce for the next generation
Lead the transition to the next generation of digital business by enabling a safe agentic web. Fraud Defense provides visibility into the emerging communication layers of autonomous commerce, including Model Context Protocol (MCP) and Agent-to-Agent (A2A) interactions. Our trust-based framework allows you to distinguish between good agents acting on behalf of customers and malicious bots attempting to hijack machine-to-machine transactions. By verifying the intent of autonomous agents, you can safely welcome helpful shopping assistants while surgically blocking rogue actors.
Prezzi
| Fraud Defense Pricing | Pricing tiers adjust automatically based on your usage, offering free assessments and advanced features, with higher tiers incurring charges for exceeding usage thresholds.* | ||
|---|---|---|---|
| Item | Essentials | Premium | Enterprise |
Cost per month | Free up to 10,000 assessments† | Requires a valid billing instrument in Google Cloud 1 - 10,000 assessments: Free† 10,001 - 100,000 assessments: $8.00 per 1,000 assessments More than 100,000 assessments: $1.00 per 1,000 assessments | Fixed monthly volume commitment at $1 per 1,000 assessments. |
Commitment | None | Monthly and pay-as-you-go | Subscription (Minimum 12 months) |
Bot defense | Yes | Yes | Yes |
Account defense | No | Yes* | Yes* |
SMS defense | No | Yes* | Yes* |
Transaction defense | No | Yes* | Yes* |
Mobile SDKs | No | Yes | Yes |
* For detailed information on Fraud Defense tiers please see Fraud Defense documentation.
† The free 10,000 assessments are per organization. The limit aggregates use across all accounts and all sites.
‡ Requires an extra assessment.
Fraud Defense Pricing
Pricing tiers adjust automatically based on your usage, offering free assessments and advanced features, with higher tiers incurring charges for exceeding usage thresholds.*
Cost per month
Free up to 10,000 assessments†
Requires a valid billing instrument in Google Cloud
1 - 10,000 assessments: Free†
10,001 - 100,000 assessments: $8.00 per 1,000 assessments
More than 100,000 assessments: $1.00 per 1,000 assessments
Fixed monthly volume commitment at $1 per 1,000 assessments.
Commitment
None
Monthly and pay-as-you-go
Subscription (Minimum 12 months)
Bot defense
Yes
Yes
Yes
Account defense
No
Yes*
Yes*
SMS defense
No
Yes*
Yes*
Transaction defense
No
Yes*
Yes*
Mobile SDKs
No
Yes
Yes
* For detailed information on Fraud Defense tiers please see Fraud Defense documentation.
† The free 10,000 assessments are per organization. The limit aggregates use across all accounts and all sites.
‡ Requires an extra assessment.
Learn more about Google Cloud Fraud Defense
Business case
Enabling real-world business value with Fraud Defense
IDC: The Business Value of Google Cloud Fraud Defense
Discover how global enterprises leverage Google’s fraud intelligence to secure their platforms while achieving significant, measurable business value across every interaction.
Featured benefits
Maximized ROI
545% ROI by reducing fraud-related losses and operational costs.
Bot mitigation
37% reduction in bot attacks by neutralizing malicious automation.
Account takeover reduction
51% reduction in account takeovers to protect user trust and brand reputation.
Domande frequenti
How do I migrate from reCAPTCHA to Fraud Defense?
No migration is required. Existing reCAPTCHA customers are automatically Fraud Defense customers. Your existing site keys and integrations will continue to function exactly as they do today.
What is the difference between reCAPTCHA and Google Cloud Fraud Defense?
Google Cloud Fraud Defense represents a shift from point-solution bot detection to a comprehensive trust platform designed for the Agentic Web. While reCAPTCHA focused on stopping automation at the perimeter, Fraud Defense secures the entire customer journey—from registration and login to checkout and payment. We address broader business challenges including account takeover, SMS toll fraud, and transaction abuse across any endpoint, including web, mobile, IoT, and emerging machine-to-machine layers like MCP. It’s not just about stopping bots; it’s about verifying intent and enabling frictionless commerce in an increasingly autonomous digital economy.
What types of online fraud does Google Cloud Fraud Defense protect against?
Fraud Defense provides multi-layered protection against a vast range of threats, including automated bot attacks, account takeovers, fake account creation, SMS toll fraud, fraudulent transaction attempts, and rogue agentic web threats.
How does Fraud Defense protect against account takeovers?
Our platform safeguards systems by detecting credential stuffing and brute-force attacks in real-time. We provide precise risk scores and explainable telemetry that allows security teams to automate responses.
How does Fraud Defense help identify and block payment fraud?
By merging Google-scale fraud intelligence with deep expertise in payment risk modeling, Fraud Defense identifies card testing and promo abuse at the moment of purchase via direct server-to-server calls or front-end integrations.
Does the platform support native mobile applications and IoT devices?
Yes. We provide native SDKs for iOS and Android, as well as reCAPTCHA Express for IoT and smart devices, ensuring a unified view of risk across any endpoint that cannot run standard JavaScript.
How does Fraud Defense secure the Agentic Web?
The platform is specifically built for the agentic frontier, providing visibility into A2A and MCP interactions to differentiate between helpful AI assistants and rogue bots trying to exploit autonomous commerce.
Can I use Fraud Defense to protect against SMS toll fraud and pumping?
Yes. Fraud Defense uses global intelligence to identify suspicious phone numbers and high-velocity sign-up patterns, blocking malicious bots before they can trigger costly fraudulent SMS messages.
How does Fraud Defense differentiate between humans and legitimate AI agents?
Our adaptive engine analyzes behavioral intent in real-time. It recognizes the trusted lanes of authorized AI agents while continuing to block malicious automation, enabling safe and frictionless autonomous business growth.
How does password leak detection work?
The platform securely compares user credentials against Google’s database of over 4 billion leaked records from third-party breaches, enabling you to proactively mitigate risks if a user’s password has been compromised elsewhere.
